Login
    Contenu x
    AAL2VerifySignatureEs
    • 22 Jan 2025
    • 2 Minutes à lire
    • Sombre
      Lumière
    • PDF
    Contenu

    AAL2VerifySignatureEs

    • Mis à jour le 22 Jan 2025
    • 2 Minutes à lire
    • Sombre
      Lumière
    • PDF
    The content is currently unavailable in French. You are viewing the default English version.
    Résumé de l’article

    Function prototype

    aat_int32 AAL2VerifySignatureEs (
                                 TDigipassBlob*   DPData,
                                 TKernelParms*    CallParms,
                                 aat_ascii*       Signature,
                                 aat_ascii*       SignedDataFields [8],
                                 aat_int32        FieldCount,
                                 aat_int32        DeferredSignatureData
                                 aat_ascii*       aServerPublicKey,
                                 aat_ascii*       ConfirmationCode,
                                 aat_ascii*       ConfirmationCodeLength);

    Description

    This function is an extension of AAL2VerifySignatureEx, offering the enhanced security feature. This feature prevents potential man-in-the-middle attacks in the architecture integrating software Digipass authenticators. A server public key, such as a certificate, can be used in input to diversify the challenge.

    In addition, this function introduces pre-processing on the DataFields in input; each DataField can have up to 32000 characters.

    The enhanced signature validation function is supported by Digipass 110 and Digipass for Web.

    Parameters

      Table: Parameters (AAL2VerifySignatureEs)
    TypeNameUseDescription
    TDigipassBlob *DPDataI/Oauthenticator application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes.
    TKernelParms *CallParmsIStructure of runtime parameters to use during this function call.
    aat_ascii *SignatureIString of up to 17 numeric characters, left-justified, null-terminated, or right-padded with spaces.
    aat_ascii *[8]SignedDataFieldsI

    Array of 8 null-terminated strings of up to 32000 printable ASCII-EBCDIC invariant characters. This parameter holds the 8 possible data fields that are used to generate a signature.

    For a list of the characters that can be used for the data fields, see Supported data fields charset.

    aat_int32FieldCountINumeric value from 1 to 8 indicating the number of data fields to use from the SignedDataFields array.
    aat_int32Deferred signature dataI
    • Must be 0 if signature is validated in online mode (OnlineSG=1 or 2).
    • If signature is validated in offline mode with OnlineSG=0, this parameter can receive the Digipass date of the signature generation (number of elapsed seconds since January 1, 1970) or 0. (With 0, the current time is used.)

      If this parameter is >0, the filled parameter must be the Digipass time, not the host time.

    • If the signature is validated in offline mode with OnlineSG=3, this parameter must receive counter of the Digipass instance used for the signature generation.
    aat_ascii *aServerPublicKeyIString of up to 1024 hexadecimal characters, null-terminated. This parameter is used as a diversifier to prevent man-in-the-middle attacks. If this parameter is NULL, diversification will not take place.
    aat_ascii *Confirmation codeOString of up to 17 numeric or hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the confirmation code generated by Authentication Suite Server SDK (recommended buffer size is 18 bytes).
    aat_int32 *Confirmation CodeLengthOPointer to a long integer that indicates the length of the generated return host code.

    Return codes

      Table: Return codes (AAL2VerifySignatureEs)
    CodeMeaningCodeMeaning
    0Success510Invalid Digipass data pointer
    10001Success with context warning*1103Unlock Version 2 not supported
    10002Success with user warning*1116Response check digit not allowed
    10003Success with user & context warning*1117Challenge check digit not allowed
    10004Success with platform warning*1118Unsupported BLOB
    10005Success with platform & context warning*-101Data field too short
    10006Success with platform & user warning*-103Data field check digit wrong
    10007Success with platform & user & context warning*-105Challenge minimum length not allowed
    1Signature not verified-102Data field too long
    132Unsupported token type-106Challenge maximum length not allowed
    139Invalid signature pointer-107Challenge number wrong
    141Invalid field count-108Challenge character invalid
    148Invalid data field pointer-153Server public key too long
    203Sign error threshold reached-201Response length out of bounds
    204Duplicate signature found-202Response too short
    205Inactive days reached-203Response too long
    206Chronological signature error-204Response check digit wrong
    207Deferred signature not allowed with OnLineSG not Null-205Response character not decimal
    208Application disabled-206Response character not hexadecimal
    412Invalid checksum-207Response character set not specified
    413Invalid Base64 format-1501Memory allocation failed

    * Specific score-based authentication codes; for more information, refer to Score-based Digipass.

    Supported data fields charset

    The following table lists the supported characters for the data fields of AAL2VerifySignatureEs with associated hexadecimal values in ASCII and EBCDIC.

         

      Table: List of supported characters
    CharacterHex ASCII valueHex EBCDIC valueCharacterHex ASCII valueHex EBCDIC value
    space0x200x40   
    !0x210x5AP0x500xD7
    0x220x7FQ0x510xD8
    #0x230x7BR0x520xD9
    $0x240x5BS0x530xE2
    %0x250x6CT0x540xE3
    &0x260x50U0x550xE4
    '0x270x7DV0x560xE5
    (0x280x4DW0x570xE6
    )0x290x5DX0x580xE7
    *0x2A0x5CY0x590xE8
    +0x2B0x4EZ0x5A0xE9
    ,0x2C0x6B[0x5B0xAD
    -0x2D0x60\0x5C0xE0
    .0x2E0x4B]0x5D0xBD
    /0x2F0x61^0x5E0x5F
    00x300xF0_0x5F0x6D
    10x310xF1`0x600x79
    20x320xF2a0x610x81
    30x330xF3b0x620x82
    40x340xF4c0x630x83
    50x350xF5d0x640x84
    60x360xF6e0x650x85
    70x370xF7f0x660x86
    80x380xF8g0x670x87
    90x390xF9h0x680x88
    :0x3A0x7Ai0x690x89
    ;0x3B0x5Ej0x6A0x91
    <0x3C0x4Ck0x6B0x92
    =0x3D0x7El0x6C0x93
    >0x3E0x6Em0x6D0x94
    ?0x3F0x6Fn0x6E0x95
    @0x400x7Co0x6F0x96
    A0x410xC1p0x700x97
    B0x420xC2q0x710x98
    C0x430xC3r0x720x99
    D0x440xC4s0x730xA2
    E0x450xC5t0x740xA3
    F0x460xC6u0x750xA4
    G0x470xC7v0x760xA5
    H0x480xC8w0x770xA6
    I0x490xC9x0x780xA7
    J0x4A0xD1y0x790xA8
    K0x4B0xD2z0x7A0xA9
    L0x4C0xD3(0x7B0xC0
    M0x4D0xD4|0x7C0x4F
    N0x4E0xD5)0x7D0xD0
    O0x4F0xD6~0x7E0xA1
    Cet article vous a-t-il été utile ?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle